CVE-2020-27658

CVSS 7.1 HIGH | EPSS 1.3% | CWE-1004
In short

Synology Router Manager fails to protect its session cookie from being read by JavaScript code running in a browser. This allows attackers to steal the cookie and hijack user sessions.

Technical detail

The session cookie in SRM versions before 1.2.4-8081 lacks the HTTPOnly flag, so script injected through an XSS flaw can read the cookie and exfiltrate it. Remote attackers can exploit this via malicious scripts to gain unauthorized session access, assuming the victim browses a compromised or attacker-controlled page while authenticated.

Summary generated and translated by AI from the official description.
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
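An added example, not part of this page or of Synology's code: a small Python audit that parses Set-Cookie headers from a captured HTTP response and reports session cookies set without HttpOnly (the CWE-1004 condition above), Secure or SameSite. The cookie name `id` and the header values are constructed placeholders, not SRM's real cookie.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure / SameSite (CWE-1004)."""

# Constructed sample headers (placeholder cookie name, not SRM's actual cookie):
# a weak header of the kind described for SRM < 1.2.4-8081, and a hardened one.
WEAK_SET_COOKIE = "id=abc123; Path=/"
HARDENED_SET_COOKIE = "id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"

# Flag attributes every session cookie should carry.
REQUIRED_FLAGS = ("httponly", "secure")


def parse_set_cookie(header_value):
    """Return (cookie_name, attributes) for one Set-Cookie header value.

    Attribute names are lower-cased; bare flags such as HttpOnly map to True,
    valued attributes such as SameSite=Lax map to their value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if has_value else True
    return name.strip(), attrs


def missing_protections(header_value):
    """List the protections absent from a Set-Cookie header, in a fixed order."""
    _, attrs = parse_set_cookie(header_value)
    missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
    if "samesite" not in attrs:
        missing.append("samesite")
    return missing


def audit_response_headers(headers, session_cookie_names):
    """Check a response's (name, value) header pairs for weak session cookies.

    Returns {cookie_name: [missing protections]} for each session cookie that
    is set without all of HttpOnly, Secure and SameSite; empty dict if clean.
    """
    findings = {}
    for header_name, value in headers:
        if header_name.lower() != "set-cookie":
            continue
        cookie_name, _ = parse_set_cookie(value)
        if cookie_name in session_cookie_names:
            gaps = missing_protections(value)
            if gaps:
                findings[cookie_name] = gaps
    return findings
```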
